How to determine the origin and legitimacy of a transaction is a fundamental problem of having a trustless, distributed monetary system without supervision. Blockchains use asymmetric cryptography to solve this problem. Even if you have never used cryptocurrencies, or programmed a single line of code in your life, you will have used asymmetric cryptography. It is the technology behind the HTTPS protocol, used in banking, downloading software, sending and receiving WhatsApp messages and much more.

In blockchain, a private key is generated using a common secret, a passphrase. This private key can then be used to create a public key; together they are called a key pair. Using the private key, you can encrypt a piece of data such that only the public key can decrypt it. The other way around is possible as well: you can encrypt data using the public key such that only the private key can decrypt it.

Using this principle, you can create signatures. Since only the private key can encrypt data so that the public key can decrypt it, if I were to send you the text "hello" in encrypted form, you could use my public key to decrypt the data back to the text "hello", thus proving the message originated from me. In the same manner, a blockchain network validates transactions, using the public key to authenticate the origin of the signed transaction.

TIP

You should now realize why it is so important to keep your private key and passphrase hidden: with them, anyone can create valid transactions.

An address on the blockchain is derived from a public key. We could use the public keys directly, but they are quite long and thus take up more storage. Using addresses also improves privacy, as someone does not need to expose their public key to receive currencies. Transmitting currencies always requires sharing your public key with the network. Cold wallets are just normal wallets, but ones that haven't yet exposed their public key.

It is possible to compute the private key from the public key, but doing so would take a very long time: think one-hundred-trillion-times-the-lifespan-of-earth long. Because of this, public keys can be freely shared, allowing anyone to encrypt content and verify digital signatures, while private keys can be kept secret, ensuring only the owners of the private keys can decrypt the content and create digital signatures [1].

Ark uses the secp256k1 curve with the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA generates the private and public key pair from a 32-byte seed. As seeds are not very human-readable, we have the option to generate the seed from something more convenient: a passphrase.

The passphrase generated by the Ark Desktop wallet is a 12-word sentence, according to BIP39. Using this protocol is recommended but not mandatory, as a seed can be generated from any kind of text. A passphrase needs enough complexity and has to be random enough to be considered secure.

The best way to secure an Ark address is to use a device that can sign transactions securely. The Ark team developed an application that runs on the Ledger Nano S hardware wallet. Even if your computer has been infected with malware, you can still use it with your hardware wallet securely.

The Ledger Nano S device does not store passphrases. It is a device that generates public and private keys from a master seed. Keys are issued from the seed using the derivation path. For the Ark blockchain (and cloned ones), the derivation path is structured like this:

44'/111'/<account index>'/0/<address number>

So the derivation path of the first address from the first account is: